package com.wf.security;

import com.wf.common.util.StringUtil;
import com.wf.entity.Menu;
import com.wf.entity.Role;
import com.wf.provider.MenuProvider;
import com.wf.provider.RoleProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
import java.util.*;

/**
 * Created by yangyibo on 17/1/19.
 */
@Service
public class MyInvocationSecurityMetadataSourceService implements
        FilterInvocationSecurityMetadataSource {

    @Autowired
    private MenuProvider menuProvider;
    @Autowired
    private RoleProvider roleProvider;

    private HashMap<String, Collection<ConfigAttribute>> resourceMap = null;

    /**
     * 加载权限表中所有权限
     */
    public void loadResourceDefine() {
        resourceMap = new HashMap<>();

        List<Role> roles = roleProvider.getAll(new Role());
        for (Role role : roles) {
            ConfigAttribute ca = new SecurityConfig(role.getRoleName());
            List<Menu> menus = menuProvider.getMenusByRoleId(role.getId());
            for (Menu menu : menus) {
                String url = menu.getMenuUrl();
                if(!StringUtil.empty(url)){
                    if (resourceMap.containsKey(url)) {
                        Collection<ConfigAttribute> value = resourceMap.get(url);
                        value.add(ca);
                        resourceMap.put(url, value);
                    } else {
                        Collection<ConfigAttribute> atts = new ArrayList<ConfigAttribute>();
                        atts.add(ca);
                        resourceMap.put(url, atts);
                    }
                }
            }
        }
    }

    //此方法是为了判定用户请求的url 是否在权限表中，如果在权限表中，则返回给 decide 方法，用来判定用户是否有此权限。如果不在权限表中则放行。
    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        if (resourceMap == null) {
            loadResourceDefine();
        }
        //object 中包含用户请求的request 信息
        HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
        AntPathRequestMatcher matcher;
        String resUrl;
        for (Iterator<String> iter = resourceMap.keySet().iterator(); iter.hasNext(); ) {
            resUrl = iter.next();
            matcher = new AntPathRequestMatcher(resUrl);
            if (matcher.matches(request)) {
                return resourceMap.get(resUrl);
            }
        }
        return null;
    }

    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}